38 matches found
ContraFix: Agentic Vulnerability Repair Via Differential Runtime Evidence and Skill Reuse
Large language model (LLM) agents are increasingly used for automated vulnerability repair (AVR), where repository-level reasoning enables them to inspect context and produce source-code patches. However, recent empirical results show that these agents still struggle with real-world vulnerabilities...
App Auto-Patch Security Vulnerability
App Auto-Patch is an open-source tool developed by App Auto-Patch for automating the patching of Mac applications. Version 3.4.2 of App Auto-Patch contains a security vulnerability, which stems from insecure permissions, potentially allowing attackers to write arbitrary files...
Exploit for Deserialization of Untrusted Data in Facebook React
Next.js RCE Patcher CVE-2025-55182 A simple, automated tool...
CVE-2025-63917
PDFPatcher thru 1.1.3.4663 executable's XML bookmark import functionality does not restrict XML external entity (XXE) references. The application uses .NET's XmlDocument class without disabling external entity resolution, enabling attackers to: Read arbitrary files from the victim's filesystem,...
CVE-2025-63918
PDFPatcher executable does not validate user-supplied file paths, allowing directory traversal attacks that let attackers upload arbitrary files to arbitrary locations...
CVE-2025-63918
CVE-2025-63918 affects the PDFPatcher executable. The root cause is insufficient validation of user-supplied file paths, enabling directory traversal attacks that allow attackers to upload arbitrary files to arbitrary locations. The entry notes a local attack vector with low complexity and high i...
formii (=1.0.0), html-patcher-stream (>=1.0.0 <=1.1.0) +1 more potentially affected by unknown CVE via html-patcher (>=0.0.3 <=0.1.0)
html-patcher NPM version =0.0.3, =1.0.0, =0.1.0, =1.0.0 Source cves: unknown CVE Source advisory: OSV:MAL-2025-22751...
Malicious code in solara-patcher-legacy (npm)
The package solara-patcher-legacy was found to contain malicious code...
Malicious code in html-patcher (npm)
The package html-patcher was found to contain malicious code...
MAL-2025-22751 Malicious code in html-patcher (npm)
The package html-patcher was found to contain malicious code...
MAL-2025-33626 Malicious code in solara-patcher-legacy (npm)
The package solara-patcher-legacy was found to contain malicious code...
CVE-2019-12169
ATutor 2.2.4 allows Arbitrary File Upload and Directory Traversal, resulting in remote code execution via a ".." pathname in a ZIP archive to the mods/core/languages/languageimport.php (aka Import New Language) or mods/standard/patcher/indexadmin.php (aka Patcher) component...
Malicious code in vite-logging-patcher (npm)
Source: ghsa-malware 704430ee3cb7da0b6e3eb0d7736f061b92391ab9b42f45be36bb3b6c68a16f31 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-3800 Malicious code in vite-logging-patcher (npm)
Source: ghsa-malware 704430ee3cb7da0b6e3eb0d7736f061b92391ab9b42f45be36bb3b6c68a16f31 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-3796 Malicious code in next-logging-patcher (npm)
Source: ghsa-malware 6bf5e5919b2540c762616d719c6fa3bfc0baa1dc65bb926ef097766659727298 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...